New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Only secure origins are allowed? #6
Comments
localhost is an exception to the TLS rule. What was the url you were On Tue, 24 Feb 2015 22:00 Michal Mocny notifications@github.com wrote:
|
Ah. Was using ip explicitly: 0.0.0.0 or 127.0.0.1 i forget. Thanks! On Tue, 24 Feb 2015 17:25 Jake Archibald notifications@github.com wrote:
|
|
Confirmed |
Does this only work for port 80? |
Any port is fine On Fri, 27 Mar 2015 08:34 Marius Gundersen notifications@github.com wrote:
|
Hmm, still getting an error:
|
Are you running your own server or the one recommended in the tutorial? Is the script served with a valid js mime type, eg application/javascript? On Fri, 27 Mar 2015 08:39 Marius Gundersen notifications@github.com wrote:
|
Thank you, that was the issue! For anyone ending up here from Google: if(path.extname(filename) == '.js'){
res.setHeader('content-type', 'application/javascript');
} |
Will get that error message improved On Fri, 27 Mar 2015 08:51 Marius Gundersen notifications@github.com wrote:
|
Greetings! var https = require("https"); However, when i call "navigator.serviceWorker.register" against the worker script sw.js, the following is output to the browser console: Uncaught (in promise) DOMException: Operation failed by security issue {message: "Operation failed by security issue", name: "SecurityError", code: 18, INDEX_SIZE_ERR: 1, DOMSTRING_SIZE_ERR: 2…}code: 18message: "Operation failed by security issue"name: "SecurityError"proto: DOMException If I do a straight import of the sw.js using a script tag, the "application/javascript" type exists. Seems like it's close, but for whatever reason the script won't register. I was curious if there were other configurations needed to help coax sw.js to be well received? Thank you! |
Hi Jack, I m getting |
Using polymer and trying to serve the app by using the browsersync's "https: true" option in gulpfile.js. This work and defaults the website to https, but doesn't do anything about trusting a certificate. So the "failed to register a service worker. An ssl certificate error occurred when fetching the script" is thrown in the desktop under this scenario. I'm doing this because i want to replicate the same situation happening in the mobile browser (chrome). i figured it out through remote inspection. Since the access to the app is made through the IP address of the server, no localhost SSL skip process is made in the browser. same error occur. If you know a way to trust the certificate by using gulp, please let me know. |
Same error:
Content type is |
I'm having the same issue with IIS and a self-signed cert at work: There are issues with the site's certificate chain (net::ERR_CERT_COMMON_NAME_INVALID). It'd be nice to have a way to disable this check either in the browser or in the webserver or on the page itself when loading up the service worker such as: navigator.serviceWorker.register('sw.js', { insecure: true }) |
If you still have this problem check out this thread |
You can launch Chrome with We'd never allow: navigator.serviceWorker.register('sw.js', { insecure: true }) …as you break security by allowing a developer to opt out of it on behalf of the user. |
Can you make localhost trusted, or allow service workers over HTTP on localhost, like with other resources? |
Not sure if the best place for this but it is possible to add a new secure origin. The reason for this is that we use |
I develop on a remote machine and I have this same issue. |
Chrome is giving me a message that --ignore-certificate-errors is unsupported and unstable, but --allow-insecure-localhost seems to work. |
Would be great if Chrome just allowed any domain name that resolved to 127.0.0.1. I use the lvh.me domain for testing subdomains so can't just use the IP or localhost. |
I'm using a vagrant machine for development and it gives me this error. I don't know IMHO even the private ips should be allowed. |
Any domain that resolves to localhost / 127.0.0.1 should automagically activate |
When I follow the instructions from Step 1, I end up with a runtime exception and no service worker due to SSL requirement:
Uncaught (in promise) DOMException: Only secure origins are allowed. http://goo.gl/lq4gCo
I even attempted to create a self-signed cert and got
http-server
to serve ssl, then ignored the big red warning inside chrome, but I still get an error:Uncaught (in promise) DOMException: Operation failed by security issue
withcode: 18
(In Canary the message is a bit better:)
DOMException: Failed to register a ServiceWorker: An SSL certificate error occurred when fetching the script.
I haven't found a flag to get Chrome to run in a way that accepts all certs, (
--disable-web-security
isn't it..).So: Is there any way to test locally that doesn't involve registering an actually valid signed certificate? I know that process has gotten easier, but...
The text was updated successfully, but these errors were encountered: